From: Ali Nebi
Subject: Re: [Jailkit-users] Users connected via SFTP not jailed
Date: Fri, 4 Apr 2014 10:54:48 +0300
As far as I understand SSH, this command will disable sftp from running from the jail binary:
Subsystem sftp internal-sftp
Try commenting out that section and see if it works as expected, then once you have that working you can look at restricting it more.
Rich
On 04/04/2014 08:13, Ali Nebi wrote:
I used following command to jail the user:
jk_jailuser -m -j /home/chrootssh/ test-anebi
In auth.log following things happen:
When I connect with SFTP:
Apr 4 09:06:25 labs sshd[22685]: Accepted password for test-anebi from 89.215.8.109 port 60208 ssh2
Apr 4 09:06:25 labs sshd[22685]: pam_unix(sshd:session): session opened for user test-anebi by (uid=0)
Apr 4 09:06:26 labs sshd[8070]: subsystem request for sftp by user test-anebi
When I connect with SSH:
Apr 4 09:07:03 labs sshd[6482]: Accepted password for test-anebi from 89.215.8.109 port 60253 ssh2
Apr 4 09:07:03 labs sshd[6482]: pam_unix(sshd:session): session opened for user test-anebi by (uid=0)
Apr 4 09:07:03 labs jk_chrootsh[15416]: now entering jail /home/chrootssh for user test-anebi (1008) with arguments
Olivier, yes, I do have a little bit changed ssh config; I have changed the SFTP subsystem from
Subsystem sftp /usr/lib/openssh/sftp-server
to
Subsystem sftp internal-sftp
# Rules for sftponly group
Match group sftponly
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
I tried reverting this change yesterday, but still the same problem, so I am not sure if this can cause this problem.
I will try to reproduce the problem on a clean system without any configuration changes to see if it will happen there.
On Fri, Apr 4, 2014 at 1:15 AM, Olivier Sessink <address@hidden> wrote:
On 04/03/2014 11:49 AM, Ali Nebi wrote:
> Hi,
>
> I have installed jailkit on ubuntu 12.04 and it is working perfectly
> for SSH accesses for jailed users. They are in jail dir and all is ok.
> But I noticed today that when users connect via SFTP, they see and can
> browse in real system - they are not jailed. I checked all libraries,
> all device files related to sftp and all is copied to jail dir. Can
> you give me advice how to get this working?
all processes that are started via the shell of the user will be jailed
(because the shell is jk_chrootsh). Any process that is not started via
the shell is not jailed. Normally openssh will start sftp via the shell
and thus the user is jailed. So my first guesses are:
- you could be using a different ssh server, or differently configured ?
- you could be using ftps (ftp over ssl) and not sftp (ftp over ssh),
and the ftps server is not in a jail
Olivier
--
Bluefish website http://bluefish.openoffice.nl/
Blog http://oli4444.wordpress.com/
_______________________________________________
Jailkit-users mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/jailkit-users
--
Iguana Information Technologies, SL
+34 915569100
Calle López de Hoyos 35, 1º
28002 Madrid, España (Spain)
+34 649336286
http://www.iguanait.com/
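
A check for the condition Rich and Olivier describe, as an added example that is not part of the thread or of Jailkit: it flags accounts whose login shell is jk_chrootsh but whose SFTP session is served by `internal-sftp` with no `ChrootDirectory` in effect, so the jail shell is never started. Assumptions: the jk_chrootsh path, the second account `upload` and the passwd lines are constructed; the config is reduced to the relevant lines quoted above; only `User` and `Group` Match criteria are evaluated and negated patterns are not handled.

```python
from fnmatch import fnmatchcase

JAIL_SHELL = "/usr/sbin/jk_chrootsh"  # assumption: Jailkit's default install path

def parse(text):
    """Split sshd_config text into global options and (criteria, options) Match blocks."""
    glob, blocks = {}, []
    for words in (line.split() for line in text.splitlines()):
        if not words or words[0].startswith("#"):
            continue
        key = words[0].lower()
        if key == "match":                   # criteria are "<type> <pattern-list>" pairs
            crit = {words[i].lower(): words[i + 1].split(",") for i in range(1, len(words) - 1, 2)}
            blocks.append((crit, {}))
            continue
        if key == "subsystem":               # "Subsystem sftp <command>" -> key "subsystem sftp"
            key, words = "subsystem " + words[1], words[1:]
        (blocks[-1][1] if blocks else glob).setdefault(key, " ".join(words[1:]))
    return glob, blocks

def effective(glob, blocks, user, groups):
    """Options applied to one user: matching Match blocks override the global section."""
    def hit(kind, pats):
        names = {"user": [user], "group": groups}.get(kind, [])  # other criteria: no match
        return any(fnmatchcase(n, p) for n in names for p in pats)
    sections = [b for c, b in blocks if all(hit(k, p) for k, p in c.items())] + [glob]
    return {k: v for s in reversed(sections) for k, v in s.items()}  # earlier section wins

def unjailed_sftp_users(config, passwd, groups_of):
    """Accounts with the jk_chrootsh shell whose SFTP session never runs that shell."""
    glob, blocks = parse(config)
    found = []
    for name, *_, shell in (e.split(":") for e in passwd.strip().splitlines()):
        o = effective(glob, blocks, name, groups_of.get(name, []))
        in_process = any(o.get(k, "").startswith("internal-sftp") for k in ("subsystem sftp", "forcecommand"))
        if shell == JAIL_SHELL and in_process and o.get("chrootdirectory", "none").lower() == "none":
            found.append(name)
    return found

# Constructed sample input (config lines taken from the message above, accounts made up).
SSHD_CONFIG = """Subsystem sftp internal-sftp
Match group sftponly
ChrootDirectory %h
ForceCommand internal-sftp"""
PASSWD = """test-anebi:x:1008:1008::/home/chrootssh/./home/test-anebi:/usr/sbin/jk_chrootsh
upload:x:1009:1009::/home/upload:/usr/sbin/jk_chrootsh"""
GROUPS = {"test-anebi": ["test-anebi"], "upload": ["upload", "sftponly"]}
```

On a real host, pass the contents of /etc/ssh/sshd_config and /etc/passwd and a group map built from /etc/group; `sshd -T -C user=NAME` shows the options sshd itself resolves for one account.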